Remove static Remote Config auth tokens

service/config/sample-secrets-bundle.yml

@@ -71,10 +71,6 @@ zkConfig.serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrs
 
 genericZkConfig.serverSecret: ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyzAA==
 
-remoteConfig.authorizedTokens:
-  - token1 # 1st authorized token
-  - token2 # 2nd authorized token
-
 paymentsService.userAuthenticationTokenSharedSecret: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # base64-encoded 32-byte secret shared with MobileCoin services used to generate auth tokens for Signal users
 paymentsService.fixerApiKey: unset
 paymentsService.coinMarketCapApiKey: unset

service/config/sample.yml

@@ -301,7 +301,6 @@ appConfig:
   configuration: example
 
 remoteConfig:
-  authorizedTokens: secret://remoteConfig.authorizedTokens
   authorizedUsers:
     - # 1st authorized user
     - # 2nd authorized user

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -745,7 +745,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         new RegistrationController(accountsManager, phoneVerificationTokenManager, registrationLockVerificationManager,
             keys, rateLimiters),
         new RemoteConfigController(remoteConfigsManager, adminEventLogger,
-            config.getRemoteConfigConfiguration().authorizedTokens().value(),
             config.getRemoteConfigConfiguration().authorizedUsers(),
             config.getRemoteConfigConfiguration().requiredHostedDomain(),
             config.getRemoteConfigConfiguration().audiences(),

service/src/main/java/org/whispersystems/textsecuregcm/configuration/RemoteConfigConfiguration.java

@@ -10,10 +10,8 @@ import java.util.Map;
 import java.util.Set;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
-import org.whispersystems.textsecuregcm.configuration.secrets.SecretStringList;
 
-public record RemoteConfigConfiguration(@NotNull SecretStringList authorizedTokens,
+public record RemoteConfigConfiguration(@NotNull Set<String> authorizedUsers,
-                                        @NotNull Set<String> authorizedUsers,
                                         @NotNull String requiredHostedDomain,
                                         @NotNull @NotEmpty List<String> audiences,
                                         @NotNull Map<String, String> globalConfig) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java

@@ -54,7 +54,6 @@ public class RemoteConfigController {
 
   private final RemoteConfigsManager remoteConfigsManager;
   private final AdminEventLogger adminEventLogger;
-  private final List<String> configAuthTokens;
   private final Set<String> configAuthUsers;
   private final Map<String, String> globalConfig;
 
@@ -65,11 +64,10 @@ public class RemoteConfigController {
   private static final String GLOBAL_CONFIG_PREFIX = "global.";
 
   public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, AdminEventLogger adminEventLogger,
-      List<String> configAuthTokens, Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
+      Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
       final GoogleIdTokenVerifier.Builder googleIdTokenVerifierBuilder, Map<String, String> globalConfig) {
     this.remoteConfigsManager = remoteConfigsManager;
     this.adminEventLogger = Objects.requireNonNull(adminEventLogger);
-    this.configAuthTokens = configAuthTokens;
     this.configAuthUsers = configAuthUsers;
     this.globalConfig = globalConfig;
 
@@ -141,8 +139,7 @@ public class RemoteConfigController {
 
   private Optional<String> getAuthIdentity(String token) {
     return getAuthorizedGoogleIdentity(token)
-        .map(googleIdToken -> googleIdToken.getPayload().getEmail())
+        .map(googleIdToken -> googleIdToken.getPayload().getEmail());
-        .or(() -> Optional.ofNullable(isAuthorized(token) ? token : null));
   }
 
   private Optional<GoogleIdToken> getAuthorizedGoogleIdentity(String token) {
@@ -183,8 +180,4 @@ public class RemoteConfigController {
     return bucket < configPercentage;
   }
 
-  @SuppressWarnings("BooleanMethodIsAlwaysInverted")
-  private boolean isAuthorized(String configToken) {
-    return configToken != null && configAuthTokens.stream().anyMatch(authorized -> MessageDigest.isEqual(authorized.getBytes(), configToken.getBytes()));
-  }
 }

service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/RemoteConfigControllerTest.java

@@ -31,7 +31,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Random;
 import java.util.Set;
-import java.util.stream.Stream;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -40,9 +39,6 @@ import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
-import org.junit.jupiter.params.provider.MethodSource;
 import org.mockito.ArgumentCaptor;
 import org.signal.event.NoOpAdminEventLogger;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
@@ -59,7 +55,6 @@ import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
 class RemoteConfigControllerTest {
 
   private static final RemoteConfigsManager remoteConfigsManager = mock(RemoteConfigsManager.class);
-  private static final List<String> remoteConfigsAuth = List.of("foo", "bar");
 
   private static final Set<String> remoteConfigsUsers = Set.of("user1@example.com", "user2@example.com");
 
@@ -79,8 +74,8 @@ class RemoteConfigControllerTest {
           ImmutableSet.of(AuthenticatedAccount.class, DisabledPermittedAuthenticatedAccount.class)))
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addProvider(new DeviceLimitExceededExceptionMapper())
-      .addResource(new RemoteConfigController(remoteConfigsManager, new NoOpAdminEventLogger(), remoteConfigsAuth,
+      .addResource(new RemoteConfigController(remoteConfigsManager, new NoOpAdminEventLogger(), remoteConfigsUsers,
-          remoteConfigsUsers, requiredHostedDomain, Collections.singletonList("aud.example.com"),
+          requiredHostedDomain, Collections.singletonList("aud.example.com"),
           googleIdVerificationTokenBuilder, Map.of("maxGroupSize", "42")))
       .build();
 
@@ -228,13 +223,12 @@ class RemoteConfigControllerTest {
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetConfig() {
-  void testSetConfig(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
             MediaType.APPLICATION_JSON_TYPE));
 
@@ -249,13 +243,12 @@ class RemoteConfigControllerTest {
     assertThat(captor.getValue().getUuids()).isEmpty();
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetConfigValued() {
-  void testSetConfigValued(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .put(Entity.entity(new RemoteConfig("value.sometimes", 50, Set.of(), "a", "b", null),
             MediaType.APPLICATION_JSON_TYPE));
 
@@ -270,9 +263,9 @@ class RemoteConfigControllerTest {
     assertThat(captor.getValue().getUuids()).isEmpty();
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetConfigWithHashKey() {
-  void testSetConfigWithHashKey(final String configToken) {
+    final String configToken = "user1.valid";
     Response response1 = resources.getJerseyTest()
         .target("/v1/config")
         .request()
@@ -308,13 +301,12 @@ class RemoteConfigControllerTest {
     assertThat(capture2.getHashKey()).isEqualTo("linked.config.0");
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("unauthorizedTokens")
+  void testSetConfigUnauthorized() {
-  void testSetConfigUnauthorized(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user3.valid")
         .put(Entity.entity(new RemoteConfig("android.stickers", 88, Set.of(), "FALSE", "TRUE", null),
             MediaType.APPLICATION_JSON_TYPE));
 
@@ -336,13 +328,12 @@ class RemoteConfigControllerTest {
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetConfigBadName() {
-  void testSetConfigBadName(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .put(Entity.entity(new RemoteConfig("android-stickers", 88, Set.of(), "FALSE", "TRUE", null),
             MediaType.APPLICATION_JSON_TYPE));
 
@@ -351,13 +342,12 @@ class RemoteConfigControllerTest {
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetConfigEmptyName() {
-  void testSetConfigEmptyName(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .put(Entity.entity(new RemoteConfig("", 88, Set.of(), "FALSE", "TRUE", null), MediaType.APPLICATION_JSON_TYPE));
 
     assertThat(response.getStatus()).isEqualTo(422);
@@ -365,26 +355,24 @@ class RemoteConfigControllerTest {
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testSetGlobalConfig() {
-  void testSetGlobalConfig(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .put(Entity.entity(new RemoteConfig("global.maxGroupSize", 88, Set.of(), "FALSE", "TRUE", null),
             MediaType.APPLICATION_JSON_TYPE));
     assertThat(response.getStatus()).isEqualTo(403);
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testDelete() {
-  void testDelete(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config/android.stickers")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .delete();
 
     assertThat(response.getStatus()).isEqualTo(204);
@@ -406,13 +394,12 @@ class RemoteConfigControllerTest {
     verifyNoMoreInteractions(remoteConfigsManager);
   }
 
-  @ParameterizedTest
+  @Test
-  @MethodSource("authorizedTokens")
+  void testDeleteGlobalConfig() {
-  void testDeleteGlobalConfig(final String configToken) {
     Response response = resources.getJerseyTest()
         .target("/v1/config/global.maxGroupSize")
         .request()
-        .header("Config-Token", configToken)
+        .header("Config-Token", "user1.valid")
         .delete();
     assertThat(response.getStatus()).isEqualTo(403);
     verifyNoMoreInteractions(remoteConfigsManager);
@@ -447,17 +434,4 @@ class RemoteConfigControllerTest {
     }
   }
 
-  static Stream<Arguments> authorizedTokens() {
-    return Stream.of(
-        Arguments.of("foo"),
-        Arguments.of("user1.valid")
-    );
-  }
-
-  static Stream<Arguments> unauthorizedTokens() {
-    return Stream.of(
-        Arguments.of("baz"),
-        Arguments.of("user3.valid")
-    );
-  }
 }